Get ready for the EU AI Act with Fruggr
The EU AI Act is now in force. For organizations developing or deploying AI systems in the European market, compliance is no longer optional: it’s a legal obligation with significant financial penalties.
Fruggr’s Sustainable AI cockpit
gives your teams a structured, automated
path to meet those requirements by helping you:
- Identify and classify all AI systems in use across your organization
- Assess the environmental and social impact of your AI portfolio
- Establish a governance and risk management framework aligned with the Act’s requirements
- Produce the technical documentation and audit-ready reports required for compliance
What is the EU AI Act?
The EU AI Act is an EU-wide regulation that sets out risk management, transparency, and reporting obligations for any organization placing an AI system on the EU market, or whose system outputs are used within the EU, regardless of where those systems are developed or deployed. Published in the Official Journal of the European Union on July 12, 2024, the Act entered into force on August 1, 2024.
Obligations apply on a phased timeline: AI literacy requirements and the ban on prohibited practices became enforceable on February 2, 2025, with requirements for high-risk AI systems and general-purpose AI models applying progressively through 2026 and 2027. Enforcement is overseen by national market surveillance authorities in coordination with the EU AI Office.
Penalties for non-compliance
For SMEs and startups, the lower of the two thresholds applies in each case.
Violations involving prohibited AI practices:
Up to 7% of global annual revenue or €35 million, whichever is higher
Non-compliance with most other obligations:
Up to 3% of global annual revenue or €15 million, whichever is higher
Providing incorrect or misleading information to authorities:
Up to 1% of global annual revenue or €7.5 million, whichever is higher
What are organizations responsible for doing?
Your obligations under the EU AI Act depend on three factors: where and how your AI system is used, your entity designation (provider, deployer, distributor, or importer), and the risk classification of each AI system. The most significant requirements apply to high-risk AI systems and providers of general-purpose AI models with systemic risk.
Depending on your risk profile, enterprise obligations may include:
1. Registration:
Registering all applicable AI use cases in the EU database prior to placing the system on the market or putting it into service.
2. Classification:
Identifying and documenting which AI systems fall into the high-risk category as defined in Annex III of the Act, across all business functions.
3. Risk Management:
Adopting a continuous risk management system designed to identify, evaluate, and mitigate foreseeable risks associated with each high-risk AI system throughout its lifecycle.
4. Data Governance:
Ensuring that training, validation, and testing datasets are relevant, sufficiently representative, and free from errors that could lead to discriminatory outcomes or safety failures.
5. Technical Documentation:
Maintaining comprehensive, up-to-date records covering the general characteristics, capabilities, limitations, algorithms, training and testing processes, and associated risk management systems for each high-risk AI system.
6. Human Oversight:
Implementing human-machine interface measures that allow operators to understand, monitor, and intervene in AI system outputs, and to override or halt the system when necessary.
7. Accuracy, Robustness, and Security:
Ensuring consistent performance, resilience to errors and adversarial inputs, and appropriate cybersecurity protections throughout the AI system’s operational lifecycle.
8. Quality Management:
Establishing a documented quality management system covering policies, procedures, and governance instructions for all high-risk AI systems placed on the market.
9. EU Declaration of Conformity: Drafting and maintaining a declaration of conformity for each high-risk AI system, asserting compliance with applicable requirements, and submitting copies to national authorities as required.
10. Incident Reporting:
Reporting any serious incident involving a high-risk AI system to the relevant market surveillance authority no later than 15 days after establishing a causal link between the system and the incident.
Find out how the EU AI Act applies to your AI systems.
How Fruggr supports your EU AI Act compliance
Map and classify your AI systems
Fruggr’s automated connectors collect structured data across your entire IT ecosystem, giving you a centralized inventory of all AI systems in use, whether internally developed, third-party, or vendor-supplied. Each system is documented with its usage context, data inputs, risk indicators, and operational scope, providing the baseline needed to determine risk classification under the Act and register applicable systems in the EU database.
Implement a compliant AI governance framework
Fruggr’s Sustainable AI cockpit lets you define governance policies, assign ownership, track review cycles, and document decisions at every stage of an AI system’s lifecycle. The framework covers the full scope of required obligations, from initial risk assessment and data governance through deployment monitoring, human oversight protocols, and vendor management, all within a single auditable environment aligned with the Act’s quality management expectations.
Produce audit-ready documentation and compliance reports
When the time comes to demonstrate compliance, to your board, to a notified body, or to a national market surveillance authority, Fruggr’s reporting module transforms your governance and assessment data into structured, exportable technical documentation. Compliance reports, risk management summaries, and incident tracking logs are generated automatically, reducing manual reporting effort by over 60% and ensuring your organization is prepared for regulatory examination at any stage of the enforcement timeline.
Frequently asked questions
What is the origin of this legislation (where did the “EU AI Act” come from)?
The EU’s approach to artificial intelligence centers on excellence and trust, aiming to boost research and industrial capacity while ensuring safety and fundamental rights. Since April 2018, the three governance bodies of the European Union have considered how to comprehensively regulate artificial intelligence in the Single Market. In June 2018, the European Commission appointed fifty-two experts to its High Level Expert Group on Artificial Intelligence, which outlined seven key requirements for trustworthy AI covering human agency, technical robustness, privacy, transparency, fairness, societal well-being, and accountability. In April 2021, the European Commission presented its full AI package, including the proposal for a regulation laying down harmonized rules on artificial intelligence. The EU AI Act was published in the Official Journal of the European Union on July 12, 2024 and entered into force on August 1, 2024.
Why is the EU AI Act relevant for non-European companies?
The EU AI Act has broad extraterritorial scope. Any high-risk AI system developed by an EU provider, wherever in the world it is deployed, falls under the regulation. Systems developed outside the EU and placed on the EU market are equally in scope, as are systems whose outputs are intended for use within the EU. Organizations headquartered in North America, Asia, or elsewhere will find themselves subject to the Act if their AI systems serve European markets or users, making it a genuinely global compliance obligation.
What AI systems classify as high-risk?
The EU AI Act defines eight categories of high-risk AI: remote biometric identification systems, AI used in critical infrastructure, education and vocational training, employment and workers management, access to essential private and public services, law enforcement, migration and border control, and the administration of justice and democratic processes. This list can be expanded through future delegated acts issued by the European Commission.
How is General Purpose AI (GPAI) defined and categorized?
General-purpose AI models are systems trained on large volumes of data using self-supervision at scale, capable of performing a wide range of tasks across different contexts. All GPAI models are subject to transparency and documentation obligations under the Act. Models that exceed a computing threshold of 10²⁵ FLOPs, or those designated by the EU AI Office as posing systemic risk, face additional requirements including model evaluations, systemic risk assessment, and mandatory reporting of serious incidents to the European Commission.
What specific documentation and processes need to be developed or implemented for high-risk AI systems?
Organizations operating high-risk AI systems must: perform a conformity assessment, register AI systems in the EU database, maintain a quality management system that includes a risk management system, carry out a fundamental rights impact assessment, and affix a CE marking where applicable. All documentation must be kept up to date throughout the lifetime of the AI system and made available to national authorities upon request.
Govern your AI responsibly, starting now
The enforcement timeline is already underway. Organizations that build their governance infrastructure early are better positioned to meet each successive deadline, reduce regulatory risk, and demonstrate responsible AI practices to regulators, partners, and clients.